From: Sergey Glukhov Date: April 20 2011 7:08am Subject: bzr commit into mysql-5.1 branch (sergey.glukhov:3666) Bug#11889186 List-Archive: http://lists.mysql.com/commits/135757 X-Bug: 11889186 Message-Id: <201104200707.p3K77iLS003659@acsmt358.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0079563859876398169==" --===============0079563859876398169== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/gluh/MySQL/mysql-5.1/ based on revid:serge.kozlov@stripped 3666 Sergey Glukhov 2011-04-20 Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION calc_daynr() function returns negative result if malformed date with zero year and month is used. Attempt to calculate week day on negative value leads to crash. The fix is return NULL for 'W', 'a', 'w' specifiers if zero year and month is used. Additional fix for calc_daynr(): --added assertion that result can not be negative --return 0 if zero year and month is used @ mysql-test/r/func_time.result test case @ mysql-test/t/func_time.test test case @ sql-common/my_time.c --added assertion that result can not be negative --return 0 if zero year and month is used @ sql/item_timefunc.cc return NULL for 'W', 'a', 'w' specifiers if zero year and month is used. modified: mysql-test/r/func_time.result mysql-test/t/func_time.test sql-common/my_time.c sql/item_timefunc.cc === modified file 'mysql-test/r/func_time.result' --- a/mysql-test/r/func_time.result 2011-03-30 07:08:35 +0000 +++ b/mysql-test/r/func_time.result 2011-04-20 07:08:29 +0000 @@ -1405,4 +1405,16 @@ NULL SELECT ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR); ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR) NULL +# +# Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION +# +SELECT DATE_FORMAT('0000-00-11', '%W'); +DATE_FORMAT('0000-00-11', '%W') +NULL +SELECT DATE_FORMAT('0000-00-11', '%a'); +DATE_FORMAT('0000-00-11', '%a') +NULL +SELECT DATE_FORMAT('0000-00-11', '%w'); +DATE_FORMAT('0000-00-11', '%w') +NULL End of 5.1 tests === modified file 'mysql-test/t/func_time.test' --- a/mysql-test/t/func_time.test 2011-03-30 07:08:35 +0000 +++ b/mysql-test/t/func_time.test 2011-04-20 07:08:29 +0000 @@ -913,4 +913,12 @@ SELECT CAST((MONTH(FROM_UNIXTIME(@@GLOBA SELECT ADDDATE(MONTH(FROM_UNIXTIME(NULL)),INTERVAL 1 HOUR); +--echo # +--echo # Bug#11889186 60503: CRASH IN MAKE_DATE_TIME WITH DATE_FORMAT / STR_TO_DATE COMBINATION +--echo # + +SELECT DATE_FORMAT('0000-00-11', '%W'); +SELECT DATE_FORMAT('0000-00-11', '%a'); +SELECT DATE_FORMAT('0000-00-11', '%w'); + --echo End of 5.1 tests === modified file 'sql-common/my_time.c' --- a/sql-common/my_time.c 2011-02-02 17:05:28 +0000 +++ b/sql-common/my_time.c 2011-04-20 07:08:29 +0000 @@ -772,7 +772,7 @@ long calc_daynr(uint year,uint month,uin int y= year; /* may be < 0 temporarily */ DBUG_ENTER("calc_daynr"); - if (y == 0 && month == 0 && day == 0) + if (y == 0 && month == 0) DBUG_RETURN(0); /* Skip errors */ /* Cast to int to be able to handle month == 0 */ delsum= (long) (365 * y + 31 *((int) month - 1) + (int) day); @@ -783,6 +783,7 @@ long calc_daynr(uint year,uint month,uin temp=(int) ((y/100+1)*3)/4; DBUG_PRINT("exit",("year: %d month: %d day: %d -> daynr: %ld", y+(month <= 2),month,day,delsum+y/4-temp)); + DBUG_ASSERT(delsum+(int) y/4-temp > 0); DBUG_RETURN(delsum+(int) y/4-temp); } /* calc_daynr */ === modified file 'sql/item_timefunc.cc' --- a/sql/item_timefunc.cc 2011-03-28 13:24:25 +0000 +++ b/sql/item_timefunc.cc 2011-04-20 07:08:29 +0000 @@ -648,7 +648,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo system_charset_info); break; case 'W': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday= calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),0); @@ -657,7 +657,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo system_charset_info); break; case 'a': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday=calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),0); @@ -816,7 +816,7 @@ bool make_date_time(DATE_TIME_FORMAT *fo } break; case 'w': - if (type == MYSQL_TIMESTAMP_TIME) + if (type == MYSQL_TIMESTAMP_TIME || !(l_time->month || l_time->year)) return 1; weekday=calc_weekday(calc_daynr(l_time->year,l_time->month, l_time->day),1); --===============0079563859876398169== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.glukhov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.glukhov@stripped\ # ednbvfbojmc5oi5d # target_branch: file:///home/gluh/MySQL/mysql-5.1/ # testament_sha1: e68d39871c967f742df39aaa7360c1e14abf39e7 # timestamp: 2011-04-20 11:08:33 +0400 # source_branch: bzr+ssh://sgluhov@stripped/bzrroot\ # /server/mysql-5.1/ # base_revision_id: serge.kozlov@stripped\ # 9e9l55vhzs461737 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWWCImiEABLtfgEQwe+///3/v /qC////0YAlLmey+2W17YXZptQMFNmSIV26OPDKUzJNDIyaE2gT0TDQRkxBhMjCGQegGSk1Peqmn qfqnp6aUNqbSaY0gBkyANNAwAgBw00wQyGmmRkwgGmgDCaNMmABA0EhU0TU9NU8U2p6YUNPUMgNq aAMg0BoGmgAipNAJknpk0TTVPNTJ5NIxTDU09Q9Rk00A0PTFBJTSGp6AEwpgmJk1NNBNGaIGTRpo ABo6QNKgp6rJUtQpwDAh4ICI6Gfn2FapF8NtkL45nG0s4u8GCK4kZQDUjLxWOR8I8ABChMc4DGok 6MjC2l1amq5atQoRM/y1K/tINLDPyhyLshs5QtBjY2Dab/BV2J9RG3w5rb9yyVaGaHgqeaVTcULG VutlrHalhSSmLnZfP/YHqbZ0GiC4yse49hoDIYZBrEWg+I0EYBC366B/IhF9eZfdfhRIYokXDb8U kXAGwzPLU1ICZoUpcnYQAkJZRmbs6WGWBiyN7v69+OM8d2U9IdFVOhK+3za0qNIMWxsfOtKDqVf0 aB821JJJsQQhxIK9ph3UGsfHVxJhumV5cauz3KVWNH7aFfsaPQgmQ4moYNCh6T2htHke442aRkBm No5q98KpRbzlEivHolPZSclnIRvsfPUF6HIRSAc2Qtaewu6PQxx12BcFL0GXJi1l6FRptIx1QsQN oL0IIakNw+5iMiuJnLJJWpmUJBk0jLCSWARgWszIrIWtTGlJhY9+UkFnaQzFA0tZWS+4oYJTHL4k YWoUQSzgsXVriYg4M5mx6cyCCQepSzYlTqhlML37hpYHS+q2WJKJ0StwdQevLWktg0ajU3XFGp7J mLodmslvTS0YlNJnCBkNeUkeZmAUGTAt53zmLtznM+1BcCckD+JiQT3AyC6XmuQQF0kNMS1qtKJt QHYlTdINWILAGiaLWa+TQI3nEESw+kuSesLIUQjLal+FkdLVPLEysCVtbCVjmtpNGlZD1OmygYut NOx09ZWVa/P6Fbsd4dResgLEyZwJtbFBIqXBGs48ls8TsoGrAcxnEvGHkmXKpLS+Yj8lE3QmKFj/ 0FWLwXfUFtJa0XLibs9ScUOGXy19z61sncsXJhV5DwxksxJUzl2atZPjC9b+iuEtpcSTlDpaJ3kY A9zX5m8nYuOow1hkJYBKXtLeYkzQs+EVw8DGWb8ODCoX26VIGpitxQ34tzEXKcuhIJbR5HIOxqpA q11EBiNpSsGYlHy1BhG+fuzfMKYJbi0rpK2cti3nDRdO62e+tKh5K57EigRmBoxjEsg0k9VLDAln gSsW6TDRv0mUtyGspOEgUjo1KALQrIv4yTXjBaqn3EirNA1RQqltcqrya+TxxoKiV4TkMViRIL0Y J+iyKg+R73DqwpvZoDIiKErYqBMGC9VhStFlTsoNK2pO5LhRl86Nd/AQgQIB1hnQnTh6Qk6cR3An zfc975RB/oQ5FtmNsaYMoqeu83mKCtUVjGxsidywCt94+Cxf+ZlaAfGmLOwQkdzI/B+bWlo0p4tL eD4PghSysWI5mJ3sX6A2t7czNINszUM1b5MJnI4xahghbQyCFrghIwYtGGlO9+RK5nxveAQ8nS8D 2msPPuCRSH5d0iHYP5pQJuT1YOBJSJ2z+46Gaz1dZ2nYdh6z4/i+/4AldhpJEivDmzOPv7Jg4pij mStL4NqkxNMV6SGu+gI/IO6V5/i56jaY/b8Ncu6BMULcaPaTo900hLEzJDksibUtSsBfPdtBe9eo Am+F3Y9PUyMi68yLE47X+6zYYnausFOGBYHAsEUacxclpC4vGrPwajA2FPRkbGcCOpQBGV2NvBT6 JeCKESIYOp2YSJgxq2TcDUTFl8cpDSpBxUJieYrdUKWggg2l56TUZmB6qDSW0fnN8XenNRkqB4/1 p2N9OLxtPSVWMwemomOY2jNBIAnemEMGpdvI4fGHMqffBpS0ctS8wVB2ktjJrAIJXt3gbjYeJWlz yng8KhtJAFVWYc3za88nbqkcwxPv7WR63OeTbS8CN1MWqnTrwrXxxAURrNVRMiMAkIVo8zBdbFDa 2oE9CHEDqNZ6DmOvq0TnPynMcLr4gazqLUtOMuTVA8Qu2hAOsdRykiR3xbFGWC+LMmhT2LnAN68j nJE7CD5gDOitYtjzXdyEO39rwe94h591XSVXIC6votKZbAU/R0zuW9UA8jpOTH1owl0lXgePJwQI Q50xLaUCkF7GfQtNlXtN2qap1rClqHhXbkdvqt6qguPZYG2/K1MXAH2PWZUp3NncUBtS61wDoDWe Zd1wqQ4vlXlTguzmX78V1q2JQ7hzXkRkCHAuyXsTsU+OarYCgth7e4A48Wh1pAzoov1rxgrkIoB7 IwQ469qpnWvyylA+1tsyJZHgp1crmbzfvd+dsYlhGBflIL1kBzByg3KzQglCyhNIU7HPzk5NdmLT qlxTIhBtYyDB6NXodBUnM1Opnu1H1tdPM11g6eQHQqY3BYQWmRDa1mV8gSxcIhjFyuYw26fQ6ZoO 5gjobjkANvx4OBwiVE6hApp5p1u7RFm3qy9+pU0oN8+FDlOVIQrIPT59TrZ1HZsoU0vSm0k0Qh0S JWiKKbO0bL4EVMDqRSIFdMXyNdhQ1C4QysQivOVLJt/aiyKrzL0VZC1niQ4G8zpyDGDlkGlJwc7i twWYQwu2SSSSaSmipjkMiLxgqJMDemFSmIxYPNL33smVr63nSEgP8AHG9SD36MEW6Sw3g8lG0gNQ KDlOEh3NduuEKgseRmCb0kTbalSovTBFwvXPkZo863Ym3nj5fYop6As5XIMGANijosTFOjY3NQXs ASbAMW8Hg25mldjserifuPvc7xtbg6HMa2YtenAhub7rmXi7SlDhYPW+aTHjhIAXSea5M7Knsc7W 1GGxpAxcj9TPOlacDfjyM640auAwGIGSD1F3JFOFCQYIiaIQ --===============0079563859876398169==--